Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/NCUIFPYBE46xPxT9vDkAgERiZhE.roa
File:                     NCUIFPYBE46xPxT9vDkAgERiZhE.roa (raw, json)
Hash identifier:          0YWBFT0brwWOlS/XjVuMvgoMwGUysC824GgKQhwp9r8=
Subject key identifier:   34:25:08:14:F6:01:13:8E:B1:3F:14:FD:BC:39:00:80:44:62:66:11
Certificate issuer:       /CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
Certificate serial:       018CC7934176AA91C136D868C79BD7242FAC
Authority key identifier: 5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/NCUIFPYBE46xPxT9vDkAgERiZhE.roa
Signing time:             Tue 02 Jan 2024 00:29:25 +0000
ROA not before:           Tue 02 Jan 2024 00:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395003
IP address blocks:        193.46.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:41:76:aa:91:c1:36:d8:68:c7:9b:d7:24:2f:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fba6255dedaa1a1b6b17cb8ea91e02d412b8718
        Validity
            Not Before: Jan  2 00:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34250814f601138eb13f14fdbc39008044626611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:45:75:1b:7b:d1:1e:1b:17:7d:9b:3b:06:c3:
                    93:af:39:4b:72:8e:15:c4:08:58:42:e5:6e:33:81:
                    73:16:0c:36:bc:68:38:62:8c:e2:2b:19:62:41:64:
                    43:db:1c:87:fd:78:53:9a:a2:54:21:eb:5d:7c:54:
                    75:3b:a6:83:97:7a:26:be:ae:c2:a6:1f:54:76:ad:
                    a7:30:4e:81:ca:b2:ec:52:65:41:99:73:2a:f3:65:
                    24:71:ca:6b:d0:74:fd:ed:45:cb:6b:c0:2c:32:31:
                    6e:66:df:e6:a0:06:5b:8f:bd:a9:65:b2:56:2e:9b:
                    d9:bb:29:4c:b2:43:bb:f9:88:22:be:40:27:db:f7:
                    82:b5:48:8a:50:a6:92:ef:bc:49:eb:9d:7c:fc:0f:
                    05:71:6c:e5:ab:05:75:12:05:24:b1:bc:33:76:7c:
                    5d:f0:1a:df:42:50:87:ec:f4:54:3d:e0:d4:b6:20:
                    75:85:85:e6:db:a4:fc:af:32:ae:e0:b6:b9:50:52:
                    90:b8:87:8b:7b:fc:38:31:00:ca:ff:cd:1d:ed:d5:
                    7e:2b:b5:d9:85:98:de:95:8e:31:8b:58:2a:f3:5a:
                    7f:83:f2:11:22:9e:f3:5d:d4:df:0f:8a:43:8b:c1:
                    23:9d:e7:a9:dd:f3:4a:6c:ad:fb:7b:46:76:35:ce:
                    54:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:25:08:14:F6:01:13:8E:B1:3F:14:FD:BC:39:00:80:44:62:66:11
            X509v3 Authority Key Identifier:
                keyid:5F:BA:62:55:DE:DA:A1:A1:B6:B1:7C:B8:EA:91:E0:2D:41:2B:87:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7piVd7aoaG2sXy46pHgLUErhxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/NCUIFPYBE46xPxT9vDkAgERiZhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/91a770-828d-4e2b-bd81-61e512ba25b7/1/X7piVd7aoaG2sXy46pHgLUErhxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:fe:d1:67:a6:75:72:6c:99:f7:b4:a6:34:3d:72:91:53:be:
         c3:08:ad:fe:df:7d:b6:64:f2:a1:0d:3f:a9:87:68:47:bf:4f:
         27:7d:86:e6:64:ad:44:20:1a:4d:12:bb:33:7d:46:8e:37:77:
         e5:b0:8e:25:e5:f9:c8:82:57:33:e1:98:e4:84:5d:4d:dd:ea:
         d7:f1:53:fe:cc:fc:ec:64:ed:30:7e:b4:0a:bd:49:18:39:f8:
         66:fd:41:46:02:b3:85:48:be:35:71:0b:4c:17:9a:2b:45:2d:
         d8:57:8d:21:6f:85:ab:88:f9:a1:31:7a:82:19:bc:c0:60:1c:
         a5:85:5d:3d:b1:8f:85:74:f4:e0:f0:a6:60:47:a3:1d:6d:91:
         fe:2f:03:d5:9a:29:70:fb:ae:a4:8f:db:e2:ec:8c:b9:cf:3d:
         f4:01:20:96:a0:a2:e2:ce:58:c8:7b:87:23:cb:68:cf:8e:66:
         e4:ee:74:53:8f:c8:2b:4f:35:83:de:43:b5:bc:cb:9e:a4:64:
         10:73:c8:52:30:05:c0:b1:4c:f4:37:dc:d5:a4:db:1a:79:20:
         2f:6a:35:16:55:1a:df:d6:00:e5:02:fb:6b:98:94:1d:3e:55:
         45:ad:33:71:29:f8:76:ab:e9:2f:5e:64:a7:41:bd:15:4d:02:
         47:87:f3:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk0F2qpHBNthox5vXJC+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmE2MjU1ZGVkYWExYTFiNmIxN2NiOGVhOTFlMDJkNDEy
Yjg3MTgwHhcNMjQwMTAyMDAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDI1MDgxNGY2MDExMzhlYjEzZjE0ZmRiYzM5MDA4MDQ0NjI2NjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkV1G3vRHhsXfZs7BsOTrzlLco4V
xAhYQuVuM4FzFgw2vGg4YoziKxliQWRD2xyH/XhTmqJUIetdfFR1O6aDl3omvq7C
ph9Udq2nME6ByrLsUmVBmXMq82Ukccpr0HT97UXLa8AsMjFuZt/moAZbj72pZbJW
LpvZuylMskO7+YgivkAn2/eCtUiKUKaS77xJ6518/A8FcWzlqwV1EgUksbwzdnxd
8BrfQlCH7PRUPeDUtiB1hYXm26T8rzKu4La5UFKQuIeLe/w4MQDK/80d7dV+K7XZ
hZjelY4xi1gq81p/g/IRIp7zXdTfD4pDi8Ejneep3fNKbK37e0Z2Nc5URwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQlCBT2AROOsT8U/bw5AIBEYmYRMB8GA1UdIwQY
MBaAFF+6YlXe2qGhtrF8uOqR4C1BK4cYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEt
NjFlNTEyYmEyNWI3LzEvTkNVSUZQWUJFNDZ4UHhUOXZEa0FnRVJpWmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85MWE3NzAtODI4ZC00ZTJiLWJkODEtNjFlNTEyYmEyNWI3
LzEvWDdwaVZkN2FvYUcyc1h5NDZwSGdMVUVyaHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5KMA0G
CSqGSIb3DQEBCwUAA4IBAQBt/tFnpnVybJn3tKY0PXKRU77DCK3+3322ZPKhDT+p
h2hHv08nfYbmZK1EIBpNErszfUaON3flsI4l5fnIglcz4ZjkhF1N3erX8VP+zPzs
ZO0wfrQKvUkYOfhm/UFGArOFSL41cQtMF5orRS3YV40hb4WriPmhMXqCGbzAYByl
hV09sY+FdPTg8KZgR6MdbZH+LwPVmilw+66kj9vi7Iy5zz30ASCWoKLizljIe4cj
y2jPjmbk7nRTj8grTzWD3kO1vMuepGQQc8hSMAXAsUz0N9zVpNsaeSAvajUWVRrf
1gDlAvtrmJQdPlVFrTNxKfh2q+kvXmSnQb0VTQJHh/PD
-----END CERTIFICATE-----